Yesterday, two days after my fairly new Dell shorted itself, my not so new desktop PC at home decided to die as well-either the motherboard, the power supply, or both took a dump.  I was working on some discrete tasks from home since it would save me the trouble of setting up VS and the various messengers and tools.  Two computers in 3 days, what are the odds?

My 3ish month old laptop decided to utterly fry itself, the USB ports went while I was looking at a PDA and then I was greeted by the very brief blue flash of a HARDWARE FAILURE screen before it retired and would not be reawakened.  The degree to which this puts me out of commission is disgusting.

You may try to open an SQL Mobile database with the query manager tool, or you may get error messages trying to compact, repair, or shrink an SQL Mobile database.  The solution is to install the SQL Mobile replication CAB appropriate for your device platform.  If you installed Visual Studio to the default folder you will find this in C:\Program Files\Microsoft Visual Studio 8\SmartDevices\SDK\SQL Server\Mobile\v3.0\wceX00 and sqlce30.repl.phone.wce5.armv4i.CAB is the file you're looking for, or the appropriate version for your platform.  You may not have installed this file if you are not using replication, but it contains a DLL (sqlcecompact30.dll) that the managed SQLMobile code will be looking for if one of the aforementioned operations is attempted.  It also seems that deploying from Visual Studio will not install this CAB file when you are using code that depends on it. 

The original series of articles on hosting the Visual Studio designer shall be wrapped up in the next installment.  The designer stuff is mostly done anyway, but I had planned on following up with a great deal of obscure Windows Forms tricks involved in interacting with the design time environment.  I've reevaluated the worth of this in light of the coolness of WPF and I think I'll shelve that effort for the forseeable future.  Messing around with the Orcas designer surface for a WPF window today, I realized I need to get on the ball with the Orcas design-time environment.

A friend of mine asked me to do an Architectural Review for him, and since I have had my eye on some home theater recliners I agreed to help.  This is something I've done several times in the past in an ad hoc fashion: in conversations with developers, stakeholders, infrastructure experts, and users, the areas that require more rigid review than other areas make themselves known quickly.  This client had the audacity to want to know ahead of time what is usualy contained in an Architectural Review, which forced me to sit down and think about things that I haven't been at for a while, such as different viewpoints as to what exactly is entailed in the idea of software architecture and what people are really after when they bring someone in to review the architecture and implementation of a software system.

The latter question is often overlooked but is of paramount importance.  What are they after, bringing in an outsider who does not know their business and their politics to critique what is often the collective work of an entire department and a fair amount of involvement from other departments as well.  I have a friend who despite being a world class software architect is regularly subjected to reviews by people who were not out of diapers when he began working with the high level structure of integrated systems.  What are they after?  In some cases (though this does not seem to be the norm) there are clear problems with a system's ability to scale or with the difficulty in making changes to a system and the architect is brougt in to show the way forward. I will propose some answers with a few articles I am working on, culminating with my humble offer for a blueprint of what is involved in an "Architectural Review."

Dear Sony,

Thank you for punishing your early adopters.  Revisions in console hardware and specifications are no doubt unavoidable, however cutting the price on the PS3 mere months after it was released, along with offering a new version containing an 80gb HD and the full version of Motorstorm so soon seems like a bit of a slap to the 6million or so people who just bought these things.  The loud and clear message is to not buy consoles at launch. 

There are various talks online about ClickOnce improvements in Orcas.  I installed a Vista Virtual PC and Orcas Beta 1, which took a rather long amount of time since I had work to do on this PC while VPC was fighting for resources.  Details were scarce but I had hoped the gaping hole of no authentication mechanisms being supported by ClickOnce would be in some way addressed out of the box with Orcas and .NET 3.5.  No Joy, at least not without a little bit of work and digging.  There are references to the ability to customize the User Interface you see while downloading the application files, ostensibly for branding but I have some hope that this may also allow one to provide a user interface to responde to an authentication challenge.  If not, I'll begin brainstorming some kind of frankenstein solution that may end up being no easier than home rolling the whole shebang.

My day was off to a late start today as my wife and I were both standing up in a wedding last night.  Nonetheless, when I finally waded through my email I was pleased to see that I have officially been awarded the 2007 Microsoft MVP award in the category "Visual Developer - Solutions Architect."  Thanks go out to my nominator (you know who you are) and I hope to keep living up to this title over the next year.

My company is growing to the point where customers are asking for features that may be useful to other customers and we'd generally like to be able to easily push out new versions of desktop software.  The immediate choices seem to be the Application Updater block, ClickOnce, and home-rolling a solution.  Since the App Updater block seems to want me to write code to determine when updates happen and such, and I'd like to avoid reinventing the wheel with a complete home grown solution, ClickOnce seems like a very good possibility.  I can publish to FTP from Visual Studio, I don't have to write extra code, I can specify Full Trust, force minimum versions, firewall friendly, etc.  Yes, its got a lot going for it. 

My first concern was that as a mixed-technology shop, we might not be able to use ClickOnce.  Our production environment is predominantly Linux and BSD based and it doesn't seem out of the realm of possibility that there might be some IIS specific functionality needed for ClickOnce to work.  Luckily this is not the case, and I have an important Internal tool running with ClickOnce deployment now.  To be safe I added .application and such as mime types in the Apache config but it seems only some people actually require this step.  For this initial deployment I found only two irksome issues:

1) IE only.  Some of the people here have Firefox set up as their default browser for some reason.  Clicking on the link to the Publish.htm in their email launches Firefox which happily displays the raw Application Manifest.  Cruising around MSDN I can see that this is addressed in .NET 3.0 or 3.5, which one is not clear.  It would also seem likely that there is a way to register an external program-handler for .application in FireFox, but if I wanted users to have to do work I'd keep on giving them MSI files.  This internal tool is also the Pilot for using ClickOnce for end-user deployments, and obviously those people would prefer things to be as easy as possible.  To some degree I can cordially invite internal users to go pound sand if they think the setup is too hard but any problem my customers have, no matter how silly or made up, becomes a real problem for me.

2) Security.  My apache skills are rusty.  Still, I was able to setup basic auth with .htaccess files in my ClickOnce directory with only minimally bothering our sysadmin.  See, I have this odd notion that if I'm going to put a public URL out there that any person could stumble on to or share with their friends, I'd like some form of authentication so I can at least tell who is sharing his password with 50 of his closest friends.  Let me be explicit in that I am not looking for some type of hack-proof system, I just want the ritual of authentication and authorization to be observed here.  Basic auth blows up when you try to Launch the ClickOnce app, and this is expected behavior.  Supposedly NTLM is the solution: protect the resource with NTLM challenge/response, tell it to "remember me", and you're on your way.  Well, not really.  The sysadmin, no longer so lucky as to be only minimally burdened by my experiment, was shanghaid to track down an NTLM compatible add on for apache and cook up some form of domain to authenticate it against.  We found mod_ntlm, we configured mod_ntlm against a Samba domain, we protected the test directory with mod_ntlm.  As soon as I enter the domain credentials and check "Remember this password" I hit launch, to be met with the same kaboom as Basic Auth.  Larry Clarkin reminded me that in the Internet Zone remember me won't work.  Adding to trusted sites does not help either, at least not in my experimenting.  ClickOnce has no mechanism for asking you for credentials, nor can it ask you to confirm continuing on to a site with a self-signed SSL cert, as you are sure to find ina  test environment.

It seems likely that I might be able to tweak IE settings to a custom level for trusted sites, but if my users could infalliably do that task I wouldn't need ClickOnce.  With so many excellent designs within .NET, it seems very odd indeed that there is no Provider Model for authentication, no Event we can respond to in order to handle self-signed test certificates.  I'm trying Orcas Beta 1 this weekend, but I'm not overly optimistic.

Security is a funny thing, and I often wonder if things like UAC and all-managed operating systems are not dancing around the issue of needing fundamental re-thinking.  Here's a funny example: DasBlog occasionally craps out on me, or maybe it's my session timing out before I can type up a post and hit "post to weblog."  Long posts are always composed in Word first, and shorter ones that I still don't want to re-type in case of the occasional fluke are saved by Ctrl+A, Ctrl+C, to be re-pasted into the edit window in case of an issue.  Is it ironic that when this event just happened, IE politely asked me for permission to allow access to the clipboard, access to the content I had just copied out of IE to begin with.

I bought Super Stardust HD last night and it was so much fun I blew off a lot of other things I've been meaning to do.  I did not play Geometry Wars but apprenntly the dual-analog control scheme is borrowed from that game.  It took a while to get used to the gameplay but I'm hoping over the next week I can better my #300 slot in this ridiculous and addicting shooter.  I believe this is either already on XBLA or is on its way there.  Buy it, now.

I cannot wait for my chance to buy this: http://gear.ign.com/articles/799/799262p1.html.  This is an ingenious idea, and the Xbox 360 absolutely needs this.  I often wonder if PC based Halo players on Live Anywhere are slaughtering console players due to the natural advantage of the glorious mouse.  I imagine cries of "camper!" and "Low ping bastard!" being replaced with "PC snob" or "mouser!" or maybe "m04Z0r!" Yes, elite speak is dumb.